[Zope-CMF] declarative security bug?

Shane Hathaway shane@digicool.com
Tue, 24 Jul 2001 17:17:56 -0400


Jens Vagelpohl wrote:
> it's actually not a bug but intended behavior which we might re-think
> since quite a few people stumble over it and its side effects.

FYI We have taken the initiative and removed this quirk starting with
Zope 2.4.0.  It was an optimization so rarely used that it really did no
good (and got people confused!)

Shane

> Seb wrote:
> > I think I've found a security bug, but it might be something unique to
> > my setup.  However, I'm in a real mad dash this week so I haven't time
> > to check it in a vanilla install.
> >
> > Why does this print "Manager"
> >
> >     security.declareProtected(AddPortalContent, 'parper')
> >     def parper(self):
> >         'parp'
> >         print self.portal_membership.getAuthenticatedMember()
> >
> > But this prints "Anonymous User"
> >
> >     security.declarePublic('parper')
> >     def parper(self):
> >         'parp'
> >         print self.portal_membership.getAuthenticatedMember()
> >
> > ?